
{"id":2016,"date":"2012-08-21T00:00:00","date_gmt":"2012-08-21T00:00:00","guid":{"rendered":"http:\/\/otava.test\/how-to-handle-an-it-security-incident-according-to-nist\/"},"modified":"2012-08-21T00:00:00","modified_gmt":"2012-08-21T00:00:00","slug":"how-to-handle-an-it-security-incident-according-to-nist","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/","title":{"rendered":"How to Handle an IT Security Incident, According to NIST"},"content":{"rendered":"<p>The National Institute of Science and Technology (NIST) has released a Computer Security Incident Handling Guide that gives a very thorough overview of how to detect, analyze and isolate an incident (data breach, loss, unauthorized access or otherwise); response and notification policies; what resources to have prepared; and more. They even provide several real-life scenarios with questions that, if you\u2019ve experienced a similar event, you should be asking yourself and your organization or incident response team.<\/p>\n<p>Since the 70-page document will likely take some time to get through, they provide a handy summary of each section and key issues that any organization concerned with security and disaster-preparedness should take into account. Here, I recount just a few examples of the NIST recommendations for handling incidents:<\/p>\n<p><strong>Tools and Resources<\/strong><br \/>\nPrepare for an incident in advance by having the following on hand: contact lists, encryption software, network diagrams, backup devices, digital forensic software and port lists.<\/p>\n<p><strong>Prevention with Security<\/strong><br \/>\nSecuring networks, systems and applications can prevent an incident. 
Periodic risk assessments, reducing known risks, and staff training in security policy awareness are all ways an organization can cut down on incident risk.<\/p>\n<p><strong>Security Software<\/strong><br \/>\nUsing intrusion detection and prevention systems, <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">antivirus<\/a> software, <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/technical-security\/file-integrity-monitoring-fim\">file integrity monitoring<\/a> and <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/technical-security\/daily-log-review\">daily log review<\/a> can help identify potential incidents with alerts. Using several of these, if not all, can help provide layers of security, with each approach detecting different types of data and system breaches. Operating system, service and application logs can also help after an incident to identify which accounts were accessed and what actions were performed. Having a log retention policy is also key to having older logs available that may reveal previous patterns of attack.<\/p>\n<p><strong>Profile Networks and Systems<\/strong><br \/>\nNIST recommends measuring expected characteristics and activity levels of networks and systems for easier detection when deviations from the norm occur. Easier detection allows faster escalation of issues to administrators in the event of an incident.<\/p>\n<p><strong>Incident Documentation<\/strong><br \/>\nStart recording information as soon as an incident is suspected, and make the record thorough and timestamped. Aside from providing a more efficient and systematic remediation process, it also can help with any resulting litigation in court.<\/p>\n<p><strong>Safeguard Incident Data<\/strong><br \/>\nEnsure that access to any sensitive information about vulnerabilities, security breaches and user activity is limited, both logically and physically. 
Strong access controls, monitoring and alarm systems, dual-factor authentication, and more can keep data safe. Read more about <a href=\"https:\/\/otavawebsite.wpengine.com\/operations\/locations\/michigan-cloud-and-data-centers\/\/compliance\">data center security<\/a>.<\/p>\n<p><strong>Lessons Learned<\/strong><br \/>\nLast on their list, NIST recommends holding \u2018lessons learned\u2019 meetings after any major incidents in order to make a plan to improve security measures and even the incident handling process itself.<\/p>\n<p>Incident handling shouldn\u2019t be an afterthought for anyone who is concerned with security or needs to meet HIPAA or PCI compliance. If you outsource your hosting services to a managed hosting provider, ask them about their incident response and breach notification policies.<\/p>\n<p><a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA hosting<\/a> providers need to have a clause about breach notification in their <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/whats-in-a-business-associate-agreement\/\">Business Associate Agreements<\/a> (BAA), and <a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/overview\">PCI hosting<\/a> providers must implement an incident response plan, as required by standard 12.9, which states that they also have to be prepared to respond immediately to a system breach.<\/p>\n<p>Read more about NIST\u2019s recommendations on other aspects of incident handling in their <a href=\"https:\/\/www.nist.gov\/customcf\/get_pdf.cfm?pub_id=911736\">Computer Security Incident Handling Guide<\/a>. 
Or, read more about security and data center standards for both HIPAA compliant hosting and PCI compliant hosting with our <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA white paper<\/a>, and <a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/overview\">PCI white paper<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The National Institute of Science and Technology (NIST) has released a Computer Security Incident Handling Guide detailing a very thorough overview of how to detect, analyze and isolate an incident (data breach, loss, unauthorized access or otherwise); response and notification policies; what resources to have prepared; and more. They even provide several real-life scenarios with questions that, if you\u2019ve experienced a similar event, you should be asking yourself and organization\/incident response team. Since the 70-page document will likely take some time to get through, they provide a handy summary of each section and key issues that any organization concerned with security and disaster-preparedness should take into account. Here, I recount just a few examples of the NIST recommendations for handling incidents: Tools and Resources Prepare for an incident in advance by having the following on hand: contact lists, encryption software, network diagrams, backup devices, digital forensic software and port lists. Prevention with Security Securing networks, systems and applications can prevent an incident. Periodic risk assessments, reducing known risks, and security policy awareness staff training are all ways an organization can cut down on incident risk. 
Security Software Using intrusion detection and prevention systems, antivirus software, file integrity monitoring and daily&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2016","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to Handle an IT Security Incident, According to NIST | OTAVA<\/title>\n<meta name=\"description\" content=\"According to NIST, here are the key issues that any organization concerned with IT security and disaster-preparedness should take into account.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Handle an IT Security Incident, According to NIST\" \/>\n<meta property=\"og:description\" content=\"According to NIST, here are the key issues that any organization concerned with IT security and disaster-preparedness should take into account.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-08-21T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta 
name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"How to Handle an IT Security Incident, According to NIST\",\"datePublished\":\"2012-08-21T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/\"},\"wordCount\":576,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/\",\"url\":\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/\",\"name\":\"How to Handle an IT Security Incident, According to NIST | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2012-08-21T00:00:00+00:00\",\"description\":\"According to NIST, here are the key issues that any organization concerned with IT security and disaster-preparedness should take into 
account.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Handle an IT Security Incident, According to NIST\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma 
Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Handle an IT Security Incident, According to NIST | OTAVA","description":"According to NIST, here are the key issues that any organization concerned with IT security and disaster-preparedness should take into account.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/","og_locale":"en_US","og_type":"article","og_title":"How to Handle an IT Security Incident, According to NIST","og_description":"According to NIST, here are the key issues that any organization concerned with IT security and disaster-preparedness should take into account.","og_url":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/","og_site_name":"OTAVA","article_published_time":"2012-08-21T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"How to Handle an IT Security Incident, According to NIST","datePublished":"2012-08-21T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/"},"wordCount":576,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/","url":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/","name":"How to Handle an IT Security Incident, According to NIST | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-08-21T00:00:00+00:00","description":"According to NIST, here are the key issues that any organization concerned with IT security and disaster-preparedness should take into 
account.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/how-to-handle-an-it-security-incident-according-to-nist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"How to Handle an IT Security Incident, According to NIST"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2016"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2016\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2016"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}